The New Battlefield: Why Nation-State Malware is Winning

The battlefield has changed dramatically over history. A thousand years ago, war was fought by two large groups of soldiers meeting in a remote field and battling it out. Then came high-powered weapons mounted on tanks and planes, culminating in nuclear warfare. Then a new kind of warfare started: terrorism. This changed the game because it no longer involves an organized military from a known nation. Now anyone with a homemade bomb, or even a vehicle, can commit acts of war.

Cyber Warfare

However, quietly in the background, a new type of warfare has been under way for decades. In recent years it has come to light more and more as the news reports on it and people start to understand it. This warfare is fought with computers and specially created malware. It is cyber warfare, and every large nation is taking part.

Specially created malware from national governments is referred to as Nation-State malware. The image most people have of a middle-aged guy in a Simpsons t-shirt being a “hacker” in his parents’ basement is quickly giving way to sophisticated teams of highly paid people sponsored by national governments. The tricky part of Nation-State malware is that, thanks to the amount of funding provided, its authors write code that bypasses every known detection and advanced detection (next-gen AV) method. They look for the smallest of vulnerabilities in vendor products and exploit them.

The most recently exposed vulnerability from Microsoft demonstrates exactly the type of method Nation-State attackers use. This vulnerability was first discovered and reported on April 7th, 2017. However, malware exploiting it has been traced back to late January 2017. It is exactly this type of vulnerability that Nation-State malware uses to infiltrate United States Government computers.

In response, United States government security professionals arm themselves with some of the most expensive tools on the market today. These tools range from extensive firewalls to perimeter detection systems to advanced detection methods on the endpoint. But it just isn’t enough.

Nation-State malware knows and understands all detection methods and can work around them. The United States State Department is one of many federal agencies that knows this all too well. It was reported that the State Department network had been breached by malware in late 2014, and many unconfirmed sources state that the Russian government was behind it. In that same report, the CIA Director said, “U.S. government computer networks are under assault every day from foreign governments, terrorists and hackers of all stripes. America’s adversaries are skilled, agile and determined and matching them will require focus and imagination.”

Staying Safe

So how does a nation as sophisticated as the United States keep losing the cyber battle? The problem lies in how every major cyber vendor treats malware. Cyber vendors are stuck in the world of detection. Detection has been around for over 25 years and is inherently flawed: it is only useful against known threats. You wouldn’t send a soldier onto a battlefield knowing your only way to protect them was detecting the bullets and where they usually come from.

The new defense mechanism in cyber warfare is protection. Instead of trying to detect whether something is malicious, simply treat everything from an untrusted source as malicious.

Each task the user performs that could be an ingress point for malware (browsing the Internet or opening office productivity documents) is placed in a hardware-isolated virtual machine. None of these virtual machines has access to the host operating system or to the network the computer resides on. When the task the user is working on is completed, the virtual machine is disposed of, along with any damage malware may have done. This leaves the end user’s computer untouched by any type of malware.
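The isolation model described above, reduced to code as an added illustration (this is not the page's or any vendor's code): trust is decided by origin alone, untrusted content is confined to a disposable sandbox that stands in for the hardware-isolated virtual machine, and the sandbox is destroyed together with everything written into it. The trusted hostname, the trusted share path and the "persistence attempt" payload are constructed for the example, and a temporary directory plays the role of the micro-VM.

```python
"""Protection rather than detection: anything from an untrusted origin is
opened inside a throwaway sandbox (a stand-in for a hardware-isolated VM),
and the sandbox is removed, with everything the task wrote, when the task
ends. Hypothetical model code; hostnames and paths are constructed."""
import shutil
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse

# Constructed policy: the only origins allowed to touch the real host.
# Everything else is treated as hostile without inspecting its content.
TRUSTED_HOSTS = {"intranet.example.gov"}
TRUSTED_SHARE = "/mnt/trusted-share/"


def is_untrusted(source: str) -> bool:
    """Classify by origin only: no signatures, no heuristics, no scanning."""
    parsed = urlparse(source)
    if parsed.scheme in ("http", "https"):
        return parsed.hostname not in TRUSTED_HOSTS
    if parsed.scheme == "file":
        return not parsed.path.startswith(TRUSTED_SHARE)
    return True  # mail attachment, USB stick, unknown scheme: assume hostile


class DisposableSandbox:
    """Throwaway filesystem root with no handle to the host and no network.
    On exit the whole tree is deleted, so any persistence the task attempted
    disappears with it."""

    def __init__(self) -> None:
        self.root: Optional[Path] = None
        self.network_allowed = False  # modelled as a policy flag only

    def __enter__(self) -> "DisposableSandbox":
        self.root = Path(tempfile.mkdtemp(prefix="microvm-"))
        return self

    def __exit__(self, *exc) -> bool:
        shutil.rmtree(self.root, ignore_errors=True)
        return False  # never swallow exceptions raised by the task


def open_document(source: str, content: bytes, host_dir: Path) -> dict:
    """Open 'content' that arrived from 'source'. Trusted origins write to the
    host; untrusted origins are confined to a sandbox that is then disposed of.
    Returns the facts a defender would want to verify afterwards."""
    before = {p.name for p in host_dir.iterdir()}
    sandbox_root: Optional[Path] = None

    if is_untrusted(source):
        with DisposableSandbox() as sb:
            # Whatever the document does, it can only write under sb.root.
            (sb.root / "document.bin").write_bytes(content)
            # Constructed stand-in for a document trying to persist itself.
            (sb.root / "autorun.bin").write_bytes(b"CONSTRUCTED-PERSISTENCE-ATTEMPT")
            sandbox_root = sb.root
    else:
        (host_dir / "document.bin").write_bytes(content)

    return {
        "isolated": sandbox_root is not None,
        # After disposal the sandbox, and the dropped file, must be gone.
        "sandbox_exists": sandbox_root.exists() if sandbox_root else False,
        # Files that appeared on the host as a result of opening the document.
        "new_host_files": {p.name for p in host_dir.iterdir()} - before,
    }


def demo() -> dict:
    """Open one trusted and one untrusted document against a scratch host dir."""
    host_dir = Path(tempfile.mkdtemp(prefix="host-"))
    try:
        trusted = open_document("https://intranet.example.gov/memo.docx", b"memo", host_dir)
        untrusted = open_document("https://downloads.example.net/invoice.docx", b"invoice", host_dir)
    finally:
        shutil.rmtree(host_dir, ignore_errors=True)
    return {"trusted": trusted, "untrusted": untrusted}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The point of the model is what is absent: `open_document` never looks at `content`. A document from an untrusted origin lands in the sandbox whether it is benign or hostile, and the check that matters is the one in the returned record, that no new files appeared on the host and the sandbox no longer exists once the task is over.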

Do not allow our soldiers to enter a battlefield relying on detection alone. Give them complete protection against the adversary.